Closed
Bug 429065
Opened 16 years ago
Closed 6 years ago
add method for directly escaping string for use in queries
Categories
(Toolkit :: Storage, defect)
RESOLVED
INACTIVE
People
(Reporter: myk, Unassigned)
Bound parameters are best in most cases, but they are overcomplicated to use in some, like a query whose WHERE clause has an IN condition that references a dynamic number of strings, i.e.:

  UPDATE foo SET bar = 'baz' WHERE bar IN ('a', 'b', 'c', ...);

If we had a method that directly escaped (and quoted) a string, generating this query in JS would be as simple as:

  "UPDATE foo SET bar = 'baz' WHERE bar IN (" + array.map(escape).join(", ") + ")"

Per the C language interface to SQLite version 2 <http://sqlite.org/c_interface.html>, which also applies to version 3, I think, one can use sqlite_mprintf with the %q and %Q extensions to escape and escape+quote strings, respectively.

It might even be possible to use sqlite_vmprintf to escape multiple strings at once, although it's not clear what it outputs (perhaps a comma-delimited list of quoted strings?).
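The dynamic IN list from the description can also be built with bound parameters by generating one placeholder per value, so only placeholders are ever concatenated into the SQL text. This is an added example, not part of the original bug report or of Mozilla's Storage code; the function name buildInUpdates and the MAX_VARS limit are assumptions of the example.

```javascript
// Added example: build an IN (...) clause with one placeholder per value.
// MAX_VARS is an assumption: 999 is SQLite's default
// SQLITE_MAX_VARIABLE_NUMBER before 3.32.0; adjust for your build.
const MAX_VARS = 999;

// Returns [{ sql, params }, ...], one statement per chunk of values.
// The values themselves never become part of the SQL text.
function buildInUpdates(newValue, values, maxVars = MAX_VARS) {
  if (!Array.isArray(values)) throw new TypeError("values must be an array");
  for (const v of values) {
    if (typeof v !== "string") throw new TypeError("values must be strings");
  }
  const perStmt = maxVars - 1; // ?1 is reserved for newValue
  if (perStmt < 1) throw new RangeError("maxVars must be at least 2");
  const statements = [];
  for (let i = 0; i < values.length; i += perStmt) {
    const chunk = values.slice(i, i + perStmt);
    // ?2, ?3, ... numbered placeholders, one per value in this chunk
    const placeholders = chunk.map((_, j) => "?" + (j + 2)).join(", ");
    statements.push({
      sql: "UPDATE foo SET bar = ?1 WHERE bar IN (" + placeholders + ")",
      params: [newValue, ...chunk],
    });
  }
  return statements; // empty input -> no statements, nothing to run
}

// Constructed sample input, including a value with a quote and SQL syntax.
const sample = ["a", "b", "c'); DROP TABLE foo; --"];
const [stmt] = buildInUpdates("baz", sample);
console.log(stmt.sql);
console.log(stmt.params);
```

Each entry of params is bound to the placeholder with the matching number (params[0] to ?1, and so on) using the binding call of whichever SQLite wrapper runs the statement.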
Comment 1•6 years ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INACTIVE